Another Look at Provable Security

Ever since Thomas Kuhn's The Structure of Scientific Revolutions
appeared a half-century ago, historians of science and technology have
viewed the challenging — and occasionally the overthrowing —
of reigning paradigms as an essential part of scientific progress. In
contrast, complacency, arrogance, and efforts to suppress alternative
viewpoints (for example, by dominating program committees or editorial
boards) are antithetical to the scientific spirit.

This very general observation applies with special force to cryptography.
Throughout history the most successful cryptographers have been those who've
been aware of the need to be constantly questioning assumptions,
searching for new vulnerabilities, and critiquing exaggerated claims of
security.

In our time one of the dominant paradigms in cryptographic research goes
by the name "provable security." This is the notion that the best (or,
some would say, the only) way to have confidence in the security of a
cryptographic protocol is to have a mathematically rigorous theorem that
establishes some sort of guarantee of security (defined in a suitable way)
under certain conditions and given certain assumptions.

The purpose of this website is to encourage the emergence of a more
skeptical and less credulous attitude toward this notion and to contribute
to a process of critical analysis of the positive and negative features of
the "provable security" paradigm.